January 9: No talk (Real World Crypto Workshop)

January 16: Succinct Functional Encryption and Applications

Speaker: Raluca Ada Popa (MIT)

Abstract:
Functional encryption is a powerful primitive: given an encryption Enc(x) of a value x and a secret key sk_f corresponding to a circuit f, it enables efficient computation of f(x) without revealing any additional information about x. Constructing functional encryption schemes with succinct ciphertexts that guarantee security for even a single secret key sk_f (for a general function f) is an important open problem with far-reaching applications, which this paper addresses.

Our main result is a functional encryption scheme for any general function f of depth d, with succinct ciphertexts whose size grows with the depth d rather than the size of the circuit for f. We prove the security of our construction based on the intractability of the learning with errors (LWE) problem. More generally, we show how to construct a functional encryption scheme from any attribute-based encryption scheme and fully homomorphic encryption scheme.

We demonstrate the power of this result by using it to construct a reusable circuit garbling scheme with input and circuit privacy: an open problem that was studied extensively by the cryptographic community during the past 30 years since Yao's introduction of a one-time circuit garbling method in the mid 80's. Our scheme also leads to a new paradigm for general function obfuscation which we call token-based obfuscation. Furthermore, we show applications of our scheme to fully homomorphic encryption for Turing machines where the homomorphic evaluation runs in input-specific time rather than worst case time, and to publicly verifiable and secret delegation.

January 23: Organizational meeting

Organizational meeting: Sign up to give a talk!

January 30: Secure File Systems

Speaker: Ali Mashtizadeh

Abstract:
Modern users want instant access to their data on any machine they log
into, offline access when they are traveling, and file history to
access accidentally deleted or damaged data. We built Ori, a file
system that supports all these use cases, showing how a single file
system can be suitable for multiple different configurations: as a
general purpose local file system, as a distributed one, and as one
that supports versioning. The key insight is that version control and
network file systems go hand in hand: replication and versioning are
needed for offline use and later merging/conflict resolution, and
network file system-like mechanisms to instantly access remote files
are needed to make general use practical. The latter is achieved
through InstaClone, a novel mechanism introduced by Ori. Ori runs on
Mac OS, Linux, and FreeBSD, and shows a small overhead when used as a
general purpose file system, while bringing the benefits of versioning
and instant remote access to all files.

February 6: EyeQ — Protecting your Network Performance

Speaker: Vimal Jeyakumar

Abstract:
Today, a datacentre infrastructure provider (e.g. Amazon AWS, Windows
Azure) hosts diverse applications and not all of them can be
trusted. While "virtualisation" has made significant advances in
isolating CPU performance, there's little to no protection for network
bandwidth. Contention occurring at timescales of a few milliseconds,
invisible on human timescales, can degrade long term performance.

This talk is about one practical approach to "virtualise" network
bandwidth even in the presence of adversarial traffic patterns.

February 13: IFC and Browser Security

Speaker: Edward Yang

Abstract:
To ensure the confidentiality and integrity of web content, modern web
browsers enforce isolation between content and scripts from different
domains with the same-origin policy. However, many web applications
require cross-origin sharing of code and data. This conflict between
isolation and sharing has led to an ad hoc implementation of the SOP
that has proven vulnerable to such attacks as cross-site scripting,
cross-site request forgery, and browser privacy leaks. In this talk, we
argue that information flow control (IFC) subsumes same-origin policy.
We'll show how to express existing browser policies in IFC and show
that IFC can also help developers build complex sites such as mashups,
which are notoriously difficult to implement securely under the SOP.

February 20: Escaping the Panopticon: Imagining a Truly Decentralized Web

Speaker: Amit Levy

Abstract:
Most internet services (e-mail, web applications, instant messaging,
VOIP, VPN) have become dominated by centralized providers.
Correspondingly, a lot of research on secure systems now starts with a
cloud centric viewpoint. This adversely affects users' choice, privacy,
and identity ownership. We believe that the centralized approach
deployed today is fundamentally at odds with solving many of these
issues and that a distributed solution should be pursued to restore
much of the original promise of the Internet. This solution should take
the form of a new "platform" for developers and users, but one that is
open and devoid of a single corporate owner. The convergence of
improvements in network bandwidth, IPv6 and hardware costs makes this a
viable solution today.

Summary:
I will present some of the results and techniques employed in the STOC
2008 paper by Blum, et al. Given a database containing sensitive
information, the authors applied learning theory to create a synthetic
database that can answer queries from a given concept class while
providing non-trivial utility for each of the queries, and preserving
privacy. This paper circumvented some earlier negative results which
state that a privacy-preserving database access mechanism cannot answer
more than a sublinear number of queries accurately, by only
guaranteeing usefulness for queries in restricted classes.

I will also present some of the critiques by healthcare professionals
on the application of differential privacy mechanisms to release
sensitive healthcare data.

March 13: Key Updatable Encryption

Speaker: Hart Montgomery

Summary:
Key updatable encryption is a tool that is extremely useful for modern
cloud computing. In this talk, I'll explain how key updatable
encryption works and why it is necessary and then give some examples of
key updatable encryption schemes. I will explain how to build key
updatable encryption schemes through a very useful primitive which we
call a key homomorphic pseudorandom function and then give some insight
on the technical details as to how these functions work.

This talk is based mostly on a joint work with Dan Boneh, Kevin Lewi,
and Ananth Raghunathan.
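The summary above describes the route from a key homomorphic PRF to key updatable encryption without spelling it out. The following is an added example, not code from the talk or from the Boneh, Lewi, Montgomery and Raghunathan paper: it uses the classic random-oracle construction F(k, x) = H(x)^k in a prime-order subgroup of Z_p^* (key homomorphic because H(x)^(k1 + k2) = H(x)^k1 * H(x)^k2), not the paper's LWE-based PRF, and it builds the simplest possible updatable scheme on top: the ciphertext masks the message with F(k, nonce), and the storage provider re-keys it by multiplying in F(k_new - k_old, nonce) without seeing any key or plaintext. The group size, the hash-to-group, the nonce length and the message encoding are all demo assumptions.

```python
"""Toy key-updatable encryption from a key-homomorphic PRF (added example).

Not the talk's LWE construction: F(k, x) = H(x)^k mod p in the order-q
subgroup of Z_p^*, p = 2q + 1. The group size is a demo parameter; a real
deployment needs a standard 2048-bit-plus group or an elliptic curve, and
this masking scheme has no integrity protection (CPA only).
"""
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin after trial division by a few small primes."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits):
    """Return (p, q) with p = 2q + 1 both prime; Z_p^* then has a subgroup of prime order q."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if not is_probable_prime(q, rounds=4):   # cheap filter first
            continue
        p = 2 * q + 1
        if is_probable_prime(p) and is_probable_prime(q):
            return p, q


class KeyHomomorphicPRF:
    """F(k, x) = H(x)^k mod p with H hashing into the order-q subgroup.

    Keys live in Z_q and F(k1 + k2, x) == F(k1, x) * F(k2, x) (mod p),
    which is the property that lets a ciphertext be re-keyed blindly.
    """

    def __init__(self, p, q):
        self.p, self.q = p, q

    def hash_to_group(self, x: bytes) -> int:
        # Random-oracle hash into Z_p^*, then square to land in the order-q subgroup.
        h = int.from_bytes(hashlib.sha512(b"khprf:" + x).digest(), "big")
        return pow(2 + h % (self.p - 2), 2, self.p)

    def __call__(self, k: int, x: bytes) -> int:
        return pow(self.hash_to_group(x), k % self.q, self.p)


class KeyUpdatableEncryption:
    """Ciphertext = (nonce, m * F(k, nonce)); the cloud re-keys with F(delta, nonce)."""

    def __init__(self, prf):
        self.prf = prf

    def keygen(self):
        return 1 + secrets.randbelow(self.prf.q - 1)

    def encrypt(self, k, m: int):
        assert 1 <= m < self.prf.p, "message must be a nonzero element of Z_p"
        nonce = secrets.token_bytes(16)
        return nonce, (m * self.prf(k, nonce)) % self.prf.p

    def decrypt(self, k, ct):
        nonce, c = ct
        return (c * pow(self.prf(k, nonce), -1, self.prf.p)) % self.prf.p

    def update_token(self, k_old, k_new):
        # The token reveals only k_new - k_old; on its own it decrypts nothing.
        return (k_new - k_old) % self.prf.q

    def update(self, token, ct):
        # Run by the storage provider: F(k_old, n) * F(delta, n) == F(k_new, n),
        # so the result decrypts under k_new. No key or plaintext is needed here.
        nonce, c = ct
        return nonce, (c * self.prf(token, nonce)) % self.prf.p


def demo(bits=256):
    """Check the homomorphism and a full encrypt / rotate / decrypt round trip."""
    p, q = gen_safe_prime(bits)
    prf = KeyHomomorphicPRF(p, q)
    k1, k2, x = 1 + secrets.randbelow(q - 1), 1 + secrets.randbelow(q - 1), b"input"
    homomorphic = prf((k1 + k2) % q, x) == (prf(k1, x) * prf(k2, x)) % p

    scheme = KeyUpdatableEncryption(prf)
    k_old, k_new = scheme.keygen(), scheme.keygen()
    m = int.from_bytes(b"rotate me", "big")        # constructed sample plaintext
    ct = scheme.encrypt(k_old, m)
    ct_new = scheme.update(scheme.update_token(k_old, k_new), ct)
    return {
        "homomorphic": homomorphic,
        "old_key_decrypts_old": scheme.decrypt(k_old, ct) == m,
        "new_key_decrypts_updated": scheme.decrypt(k_new, ct_new) == m,
        "old_key_fails_on_updated": scheme.decrypt(k_old, ct_new) != m,
    }
```

The point of the construction is the last two checks in `demo`: after the provider applies the token, the old key no longer opens the ciphertext and the new key does, yet the provider never held either key. The caveats a practitioner should keep in mind are that the token together with one key yields the other (so tokens deserve the same handling as keys), and that a random-oracle DDH group gives a proof only in the random-oracle model, which is exactly the gap the talk's standard-model (LWE) key homomorphic PRF is meant to close.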

March 20: AES in the Browser using WebGL

Speaker: Okke Schrijvers

Abstract:
In this talk we discuss a way of exploiting the graphics framework
WebGL to do general purpose computation on the GPU (Graphics Processing
Unit) through browser code. We start with a basic discussion on
graphics programming on the GPU and see how we can use this knowledge
to run algorithms on the GPU that have nothing to do with graphics.
This leads us to a framework called GPGPU which stands for General
Purpose computation on a Graphics Processing Unit. We also identify the
challenges one has to deal with when formulating an algorithm in the
GPGPU framework. Next, we formulate the problem of performing AES
encryption as a GPGPU problem. This poses a number of problems: how can
we make the data available on the GPU, how do we subdivide the
algorithm so that we can reuse code on the GPU, and how can we perform
bitwise operations like XORs or shifts. We address these problems and
give an implementation.

Finally, we present running time results of the code running on
different OSes with different browsers and compare it to the SJCL
JavaScript implementation. While our code is faster than other
browser-based implementations, we do not yet fully utilize the power of
the GPU. We end with identifying a number of potential causes for this
and potential solutions to these problems.
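Of the three problems the abstract lists, the bitwise one is concrete enough to illustrate. The block below is an added example and not the talk's implementation: a WebGL 1 fragment shader (GLSL ES 1.00) has no integer bitwise operators, so a byte carried as a float in [0, 255] has to be XORed and shifted using only floor, mod, multiply and add. The example writes those emulated operators in Python so they can be checked against the native operators, then applies them to AES's AddRoundKey and to xtime (the GF(2^8) doubling inside MixColumns). The sample state and round key are the constructed values from the FIPS-197 worked example; everything else is an assumption of this illustration.

```python
"""Bitwise operations from float arithmetic only (added example).

GLSL ES 1.00, the shader language of WebGL 1, has no integer bitwise
operators, so shader code that works on bytes stored as floats must build
XOR and shifts from floor(), mod(), multiplication and addition. Python's
math.floor and % stand in for the GLSL functions here; all values are small
integers stored exactly in doubles, so every result is exact.
"""
import math


def bit(v: float, i: int) -> float:
    """Bit i of byte v: floor(v / 2^i) mod 2, float ops only."""
    return math.floor(v / 2.0 ** i) % 2.0


def xor_f(a: float, b: float) -> float:
    """a XOR b, bit by bit: for x, y in {0, 1}, x XOR y == x + y - 2xy."""
    out = 0.0
    for i in range(8):
        x, y = bit(a, i), bit(b, i)
        out += (x + y - 2.0 * x * y) * 2.0 ** i
    return out


def shl_f(v: float, n: int) -> float:
    """Shift left by n, truncated to 8 bits: (v * 2^n) mod 256."""
    return (v * 2.0 ** n) % 256.0


def shr_f(v: float, n: int) -> float:
    """Logical shift right by n: floor(v / 2^n)."""
    return float(math.floor(v / 2.0 ** n))


def xtime_f(v: float) -> float:
    """Multiply by x in GF(2^8) mod the AES polynomial: shift left, then XOR 0x1b
    if bit 7 was set. The condition becomes bit7 * 0x1b, so there is no
    data-dependent branch, which also matters for a shader's SIMD lanes."""
    return xor_f(shl_f(v, 1), bit(v, 7) * 27.0)


def add_round_key_f(state, round_key):
    """AES AddRoundKey on 16 float-encoded bytes using only the emulated XOR."""
    return [xor_f(s, k) for s, k in zip(state, round_key)]


def check_against_native():
    """Cross-check every emulated operator against Python's integer operators."""
    for a in range(256):
        for b in (0, 1, 0x1B, 0x5A, 0xFF, a):
            assert xor_f(float(a), float(b)) == a ^ b
        for n in range(8):
            assert shl_f(float(a), n) == (a << n) & 0xFF
            assert shr_f(float(a), n) == a >> n
        expected = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF
        assert xtime_f(float(a)) == expected
    return True


def demo() -> bytes:
    """AddRoundKey on the FIPS-197 Appendix B input block and cipher key (constructed sample)."""
    state = [float(b) for b in bytes.fromhex("00112233445566778899aabbccddeeff")]
    key = [float(b) for b in bytes.fromhex("000102030405060708090a0b0c0d0e0f")]
    return bytes(int(v) for v in add_round_key_f(state, key))
```

The per-bit loop in `xor_f` is the straightforward emulation and costs eight floor/mod pairs per byte; in a real shader the usual alternative is a 16x16 lookup texture indexed by the two nibbles, which turns each XOR into two texture fetches and is one of the "how do we subdivide the algorithm" trade-offs the abstract refers to. Whichever form is chosen, a cross-check like `check_against_native` against a reference implementation is the test to keep, since an off-by-one in the float rounding silently corrupts every round.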